"Perhaps we will never know"
Quite possibly not, but that surely doesn't stop a necessary and sufficient quantity of Conspiracy Theories being hatched.
Two programmers hope to resurrect development of disk-encryption tool TrueCrypt after its original developers quit the project. The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure. They blamed the Microsoft's …
Quite possibly not, but that surely doesn't stop a necessary and sufficient quantity of Conspiracy Theories being hatched.
"....Conspiracy Theories...." Come on, everyone knows it was Richard Grenell that done it! It's Swift Boat Part Three - The Decryption Affair!
If my limited experience of releasing free software is anything to do by, they probably got fed up with the endless whiners and complainers. Its amazing the number of people who seem to think they're doing you a favour by using your program and think you owe them 24/7 attention for every tiny issue, rather than you having done THEM a favour by writing and releasing it for free in the first place. I can't be bothered with that school playground attitude any more - if they want help now they can pay me or they can just feck off.
No sure I agree with you about them stopping due to whinging users, but I do definitely agree they should pay or "they can just feck off".
It would be rather surprising if the developers tried the enforce their License with the result they'll lose their anonymity.
The only real deterrent in that License is a mild case of FUD.
It says "Fork if you like just don't call your project "Truecrypt" or "Truecrypt+" or "Truecrypt2" or "TruecryptPro" or "TruecryptUltra" or... anything else which could deceive people into thinking it's associated with our project"
What could possibly be fairer than that?
Certainly didn't cause any problem for Mandriva when the repackaged and incorporated TrueCrypt into their project under the name "RealCrypt"
Until they, or their heirs, or the bank if they default on their mortgage - sell the rights to a patent troll who go after every Linux distribution and corporation using Truecrypt.
Either pick some name like TPFKAT or just hit the dictionary and call it something else.
Clonecrypt? or go the other way: CryptClone?
sell the rights to a patent troll who go after every Linux distribution and corporation using Truecrypt
And is then royally ignored by everyone because it's about copyrights and trademarks.
Patent trolls will sue over copyrights and trademarks as well.
The point being that "they are good guys don't worry" doesn't work when they sell to bad guys
"Patent trolls will sue over copyrights and trademarks as well."
Not when YOU DON'T (MIS)USE THEM they won't.
"The point being that "they are good guys don't worry" doesn't work when they sell to bad guys"
No, it neither works nor "doesn't work" - "the point" doesn't make a difference. "The point" doesn't exist. "The point" is a bizarre and irrational figment of your imagination.
No one (not even your "bad guys") has powers of timetravel. No one (not even your "bad guys") has powers to retrospectively re-licence anything. TC 7.1a was released by its owners and publishers under what they called the Truecrypt 3.0 Licence. TC 7.1a will always have been released by its owners and publishers under what they called the Truecrypt 3.0 Licence. Anything based on TC 7.1a must comply with the (remarkably permissive) Truecrypt 3.0 Licence - just is it always had to and just as is always* will do.
*Thanks to the mystical powers of The Disney® Corporation Inc., and Political Corruption™ the moving goalposts of copyright expiry now seem to be infinity away.
Crew Tripped (Hoffman fork)
Spooky Crypt (bare bones edition)
L337 Krypt (Skiddy version)
IMHO the licence isn't problematic so much for the part highlighted in the article at all: it's far more because it doesn't (implicitly or explcitly) offer copyright immunity to users or distributors. People seem to have forgotten about this but it's the reason it's still on a number of distros' shit-lists and why the OSI wouldn't validate it as an open-source license (meeting the OSD).
A (rather dry legalese) analysis was given here. TL;DR Conclusion:
In effect TrueCrypt ought to be waiving certain of its rights for this to be operative as a license. Free software licenses do involve waivers of rights.
Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free).
The precise implications for forkers of all this are beyond me, but the devs clearly don't want a direct fork of their codebase, and they or a representative might even be prepared to break cover to sue. And the above demonstrates that they have a basis on which to do so, and even to start suing users if they want.
"The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure."
"They blamed the Microsoft's discontinuation of official support for Windows XP..."
"The real reasons why TrueCrypt.org pulled the plug remain unclear. In the absence of any convincing explanation, conspiracy theorists have suggested TrueCrypt was shut down, Lavabit-style, in response to pressure from the feds or spy chiefs, or possibly due to an internal power struggle. Perhaps we'll never know."
You start the article by stating reasons as to why TrueCrypt shutdown, passing them off as facts, then you end the article contradicting yourself by saying you do not know the reasons.
So which is it; did the maintainers shutdown TrueCrypt due to Microsoft ending support for XP and/or did the maintainers feel like they couldn't keep the software secure any longer, or do you not know and can only speculate?
At least he managed to deploy "ostensibly" into the FUD, which was the least he could do, before he went on to brand the baffled TrueCrypt users his quaint newspeak euphemism for "tinfoil clad psychotics"
Seeing as how the license for TrueCrypt lists forbidden variations of true followed by crypt, I suggest reversing the order and calling the fork, "CryptTrue".
Or chuck it through an anagram generator and get:
Ok, so maybe not!
or simply separate the words and replace them with alternatives of the same meaning
Ladies and Gentleman, I give you the name for the forked version.
.. or TwoCrypt.
Crypto the wonder true.
Now with zero added conspiracy theories.
I was thinking its bound to become ProCrypt
But someone already appears to have grabbed that
Only if you encrypt with the Twofish algorithm ...
What difference does the XP EOL make to the code quality of TrueCrypt?
> What difference does the XP EOL make to the code quality of TrueCrypt?
None whatsoever, and AFAICT there isn't a claim here that it does or should.
Microsoft's decision to discontinue post-sale bugfix support to members of the public running XP means newly-discovered holes through which data(/code?) could leak out are going to stay open longer (if not forever). It seems reasonable that the team should want to take a course of action based on a) not suffering slights on the software due to problems in the underlying OS, b) not feeling obliged to build more and more plugs into the software due to holes in the host OS, and/or c) not needing to keep suitable-for-testing copies of XP around for longer than necessary. That they also supply advice and a migration path is commendable.
"That they also supply advice and a migration path is commendable."
That the proposed migration path was Bitlocker doesn't exactly make it commendable. I think 'borderline suspicious' is a better choice of words.
None. But it is no longer needed, at least in the (apparent) opinion of the authors:
"Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms".
> That the proposed migration path was Bitlocker doesn't exactly make it commendable.
That's not in contention; it's the decision of the developers to not leave end users with data that cannot be transferred (or otherwise recovered) that I'm commending above.
Going back to the line I originally quoted, I don't think it's necessary to finger point code quality in Windows (whatever one thinks of it) although obviously it does drive those concerns I listed to an extent (as it would for any other end-of-line OS).
...and since you've brought up Bitlocker I'm not blaming the team for wanting to not compete against the evolving market -whether any strong-arming has taken place or not- and having spoken highly of the TrueCrypt effort to people recently am pleased there is news of an effort to continue it ;)
>It seems reasonable that the team should want to take a course of action based on a) not suffering slights on the software due to problems in the underlying OS, b) not feeling obliged to build more and more plugs into the software due to holes in the host OS, and/or c) not needing to keep suitable-for-testing copies of XP around for longer than necessary
* Add the following text to the website. "Due to Microsoft ceasing support of windows XP, Windows XP is no longer a supported by Truecrypt. We recommend you upgrade your operating system."
* A checkbox later in installshield will prevent its install on such operating system versions (or at least those who can work around that know the risks)
The journo made no claims; he reported "they claimed."
I've reread the article but I cannot find where the author reported "they claimed". Mind pointing it out for me?
Last I checked "ostensibly" meant "purportedly" and "They blamed" suggests "They claimed," but then again, a thesaurus may not be on your bookshelf to know such things.
Thanks for the definition of ostensibly. I did not look it up and it is egg on my face!
> Last I checked
Well, to be fair, the first poster quoted "They claimed" as if it was a literal quote from the article.
Claiming a "trademark" and then failing to enforce it is one way to lose it in the UK at least. I'm not sure what protection the license affords the holder in determining what someone might call a fork of TC.
Basically, if you want to enforce rights through a license for a product then calling the product defunct is probably a good way to revoke your own "rights" to the name.
Unless the license holders create some form of legal entity around the name TrueCrypt I would suggest they have already effectively dropped the name back into the public domain, if indeed it actually left it.
Actually, that's completely, totally and utterly wrong without any basis in law.
They have released the source code and a license allowing use of said code under a few limited conditions, one of which being that you don't use the name TrueCrypt or anything similar.
If you use the name TrueCrypt then your in violation of the license agreement, hence they have no legal right to use the code or make any alterations to it. Saying that they understand this, but plan to host the website in Switzerland to evade their legal and moral obligations is utterly immoral and shows a total lack of shame, integrity and decency on the part of the "developers" who are shamelessly stealing from TrueCrypt.
I think this demonstrates perfectly well however much developers are plain about the license agreements (no opaque language here!) then total fuckwits will ignore the simplest and fairest conditions of use.
It would be perfectly legal to continue from the previous version and call it FalseCrypt, ContinuationCrypt or whatever. If it's a decent product then as with LibreOffice then people will all but forget the previous dead name within a couple of years.
Re closing down; consider why Lavabit closed down and ponder for a few minutes on how cynical and or paranoid you should be, and if it's worth using any form of encryption product with developers in the US if you want your files to remain encrypted.
You might want to look up what stealing means. It implies depriving the rightful owner of something of value.
Given that the moral owners of the TrueCrypt name are not coming forward, and that there is absolutely no sign of them commercialising this product in any way, I don't see what is being "lost" to justify a copyright infringement charge, let along "stealing".
Sure it is an infringement of the license terms, but who is actually suffering? Certainly not the end users who otherwise would have to go to something else that might be much worse in terms of privacy.
If you're going to accuse others of fuckwittery, you might want to be certain you've got your facts straight first.
From their main page:
"We offer the product as is, and do not claim any rights to the name TrueCrypt or TrueCrypt.org - this is not a fork but the distributon of the product under Section II of the TrueCrypt license."
Elsewhere they also state that a fork would likely be renamed.
They are hosted in Switzerland as the black helicopters don't work quite as well in the mountains.
Don't they have other ones with a white camo paintjob, that blend in better with snow...?
Saying that they understand this, but plan to host the website in Switzerland to evade their legal and moral obligations is utterly immoral...
I hope your fellow colleagues don't ostracize and bully you. Haranguing people on morality while not having a clue tends to backfire.
Theft (stealing); dishonestly appropriating the property of another with the intention of permanently depriving the other of it. If I remember correctly, their are three exceptions when it is not theft, something along the lines of believing one had a right to it, unable to find the owner after reasonable efforts to tind them and something I have entirely forgotten. Hence, in England and Wales, there is a separate offence (or was, laws change) of taking and driving away to catch the theft of a car that is later abandoned.
There is nothing there about value. So, stealing tuppence is just as much theft as stealing two million pounds. Hence it is theft to take something from someone else's dustbin or a builder's skip without permission.from the owner.
Did the auditers really use that language?